HTTPS unable login (Urgent) Thanks! (Solved, please take a look)

vanillaforum

Dear pros, please help me newbie, my problem is: I rewrite http to https by these codes: { RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} } everything works fine, however when i tried to login, I'll loop in the login page(/people.php), and never get logon. after i click submit, i'll be redirected to people.php and every field will be cleared again. please give me some suggestion on how to solve it . Thanks!

Dinoboff

Try Vanilla 1.1.6-rc1. There is a fix related to SSL. It might help:
http://vanilla-friends.googlecode.com/files/vanilla-1.1.6-rc1.zip I remember the change now, and I don't think it will help.

You should check the response using a proxy like http header live (an addon for firefox)

vanillaforum

http://localhost/forum/people.php POST /forum/people.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cookie: PHPSESSID=lbcb3gmlqjq83gcb9di3t4rqg5 Content-Type: application/x-www-form-urlencoded Content-Length: 127 ReturnUrl=http%253A%252F%252Flocalhost%252Fforum% 252F&PostBackAction=SignIn&Username=admin&Password=MyPassword&btnSignIn=Proceed HTTP/1.x 302 Found Date: Sat, 07 Feb 2009 03:05:29 GMT Server: Apache/2.2.11 (Win32) mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.8 Location: https://localhost/forum/people.php Content-Length: 218 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 ---------------------------------------------------------- https://localhost/forum/people.php GET /forum/people.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cookie: PHPSESSID=lbcb3gmlqjq83gcb9di3t4rqg5 HTTP/1.x 200 OK Date: Sat, 07 Feb 2009 03:05:30 GMT Server: Apache/2.2.11 (Win32) mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.8 X-Powered-By: Lussumo Vanilla 1.1.6-rc1 Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Sat, 07 Feb 2009 03:05:30 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 1916 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8

vanillaforum

This is the Generator list POST /forum/people.php ReturnUrl=http%253A%252F%252Flocalhost%252Fforum%252F&PostBackAction=SignIn&Username=admin&Password=MyPassword&btnSignIn=Proceed please help me work it out , Thanks!

vanillaforum

Thanks Dinoboff, vanilla 1.1.6 solved the problem. Version: vanilla 1.1.6-rc1 (tried with vanilla 1.1.5a without success) this is my httpd-conf rewrite statement RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} "appg/settings.php" $Configuration['HTTP_METHOD'] = 'https'; "conf/settings.php" $Configuration['BASE_URL'] = 'https://localhost/forum/'; $Configuration['FORWARD_VALIDATED_USER_URL'] = 'https://localhost/forum/';

Dinoboff

Well I was pessimistic, 1.1.6-rc1 did solved it. One of the fix make sure that session cookies are set with the ssl option. Shouln't the cookie set without the ssl option be accessible to but ssl and non-ssl page?

About 1.1.6-rc1 it is a very stable version; 1.1.6 is not yet out because I waiting for one more feature to be completed.